The virus searches specifically for files with ASM, PAS, TXT and DOC
extensions (as well as COM and EXE).
ASM files have the first 76 bytes overwritten with a assembler routine
which is designed (when assembled) to overwrite the beginning of the first
hard drive with garbage.
PAS files have the first 23 bytes overwritten with the text:
CONST VIRUS= "HAIFA";
TXT and DOC files are corrupted by having text inserted at
approximate half-way point:
OOPS! Hope I didn't ruin anything!!!
Well, nobody reads those stupied DOCS anyway!
Although this virus has no stealth capability, it contains a self-modifying
encryption routine such that each infection appears differently on disks.